Enable audit pipeline for ceilometer
This change adds the keystonemiddleware audit paste filter[0] and enables it for the ceilometer-api service. This provides the ability to audit API requests for ceilometer. [0] https://docs.openstack.org/keystonemiddleware/latest/audit.html Change-Id: I9d49769bc04f9623ecf5ba4276665dc3b5bebd07
This commit is contained in:
parent
d544a556db
commit
4fea33dd64
@ -120,6 +120,7 @@ data:
|
||||
ceilometer.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ceilometer | b64enc }}
|
||||
api_paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
|
||||
policy.json: {{ toJson .Values.conf.policy | b64enc }}
|
||||
api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
|
||||
event_pipeline.yaml: {{ toYaml .Values.conf.event_pipeline | b64enc }}
|
||||
pipeline.yaml: {{ toYaml .Values.conf.pipeline | b64enc }}
|
||||
event_definitions.yaml: {{ toYaml .Values.conf.event_definitions | b64enc }}
|
||||
|
@ -88,6 +88,10 @@ spec:
|
||||
mountPath: /etc/ceilometer/policy.json
|
||||
subPath: policy.json
|
||||
readOnly: true
|
||||
- name: ceilometer-etc
|
||||
mountPath: /etc/ceilometer/api_audit_map.conf
|
||||
subPath: api_audit_map.conf
|
||||
readOnly: true
|
||||
- name: ceilometer-etc
|
||||
mountPath: /etc/ceilometer/event_definitions.yaml
|
||||
subPath: event_definitions.yaml
|
||||
|
@ -1268,6 +1268,9 @@ conf:
|
||||
'filter:authtoken':
|
||||
paste.filter_factory: 'keystonemiddleware.auth_token:filter_factory'
|
||||
oslo_config_project: 'ceilometer'
|
||||
'filter:audit':
|
||||
paste.filter_factory: 'keystonemiddleware.audit:filter_factory'
|
||||
audit_map_file: '/etc/ceilometer/api_audit_map.conf'
|
||||
'filter:cors':
|
||||
oslo_config_project: 'ceilometer'
|
||||
paste.filter_factory: 'oslo_middleware.cors:filter_factory'
|
||||
@ -1278,7 +1281,7 @@ conf:
|
||||
oslo_config_project: 'ceilometer'
|
||||
paste.filter_factory: 'oslo_middleware:RequestId.factory'
|
||||
'pipeline:main':
|
||||
pipeline: cors http_proxy_to_wsgi request_id authtoken api-server
|
||||
pipeline: cors http_proxy_to_wsgi request_id authtoken audit api-server
|
||||
polling:
|
||||
sources:
|
||||
- name: all_pollsters
|
||||
@ -1387,6 +1390,16 @@ conf:
|
||||
'telemetry:get_sample': ''
|
||||
'telemetry:get_samples': ''
|
||||
'telemetry:query_sample': ''
|
||||
audit_api_map:
|
||||
DEFAULT:
|
||||
target_endpoint_type: None
|
||||
path_keywords:
|
||||
meters: meter_name
|
||||
resources: resource_id
|
||||
statistics: None
|
||||
samples: sample_id
|
||||
service_endpoints:
|
||||
metering: service/metering
|
||||
wsgi_ceilometer: |
|
||||
Listen 0.0.0.0:{{ tuple "metering" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user